When Team Atlanta claimed first place in the DARPA AI Cyber Challenge last year, they weren’t just celebrating a win—they were demonstrating that artificial intelligence (AI) could autonomously detect and patch software vulnerabilities at a scale once considered impossible.

Now, the team is working with the Linux Foundation and the Open Source Security Foundation (OpenSSF) to ensure that its breakthrough doesn’t remain confined to a competition environment. The team’s new initiative, OSS-CRS, aims to standardize and operationalize cyber reasoning systems (CRSs) for real-world use.

“The AI Cyber Challenge pushed the boundaries of autonomous software security, with seven teams developing systems capable of finding and remediating vulnerabilities at scale,” said Andrew Chin, a Georgia Tech Ph.D. student and lead on the OSS-CRS program. 

“However, after the competition’s conclusion, it has been difficult to apply these advancements to the open-source community due to infrastructure incompatibilities and the lack of long-term maintenance for the open-sourced CRS implementations.”

To address this gap, Georgia Tech’s Systems Software Lab (SSLab), directed by Professor Taesoo Kim, is leading the development of OSS-CRS, which provides both a common framework for CRS development and the infrastructure needed to deploy these systems seamlessly across open-source projects.

As part of this effort, the team has ported its competition-winning system, Atlantis, into the OSS-CRS framework. The move makes it compatible with laptops and other everyday machines with flexible resource and budget configurations.

Interoperability is also central to the framework’s design. Atlantis can be combined with other CRSs to improve performance, including systems developed by fellow AIxCC finalists and newer agentic, command-line-based tools. This modular approach reflects a key lesson the team learned from the competition: collaboration between systems can outperform any single solution.

OSS-CRS has been accepted as a sandbox project within OpenSSF’s AI/ML Security Working Group, a milestone that brings added technical guidance and community support to the project. This includes:

• Access to mentorship
• Dedicated working group meetings
• Broader visibility through industry events, publications, and outreach efforts

The collaboration will also foster stronger connections with open-source maintainers, helping streamline vulnerability disclosure and remediation workflows.